Search This Blog

Real World Crypto 2018 (RWC 2018) brain dump

The 2018 edition of Real World Crypto (RWC) was in Zurich (you can find the conference full program here.). I live in Switzerland so I was extremely happy about it. RWC is basically the best conference I ever attended and it will probably be so for a while. I almost risked to skip it due to flu but I eventually managed to attend :)

This short blog post is my brain dump of the event. If you want to know more you can find all the videos of the presentations in this youtube channel. The event lasted 3 days and every day was great. Event like this allowed me to meet personally many people I have interacted previously in a way or the other and it turns out that a big percentage of people that do (applied) crypto was indeed attending. FWIW I was even able to shortly ask to the great Prof Boneh about the now legendary Coursera Crypto II :D

Day I

The first day could not start any better. Shay Gueron (from Amazon) did a deep dive into the cryptography behind the AWS cloud. It basically described a new method AWS uses to avoid the AES GCM Forbidden attack caused by key/nonce reuse (see the great blog post fromagl for details). The Key management services session continued with a talk from Anand Kanagala (Google) where he talked about Google internal KMS and told the story of Gmail outage and how one small bug can have a
dramatic impact on billions of accounts and steps taken in order to
change the system design. After a small break was the turn of the real crypto (lol) aka Crypto currencies session.

So there were talks about Mimblewimble (featured by Andrew Poelstra from Blockstream) the new crypto-child solution proposed in a text file posted on a Tor hidden service!!! Then (Ian Miers) talked about the genesis, the present and the future of my favorite crypto currencies aka ZCash. And eventually this session concluded with a third talk about some clever attack on Zero Knowledge protocol (Zero knowledge, subversion-resistance, and concrete attacks, tl;dr be careful who is doing the trusted setup in a Zero Knowledge protocol). Sweet.
With no break arrived one of the most important moment of the conference: the award ceremony of Levchin prize. And drumroll the well deserved winners were Hugo Krawczyk (for the development of real-world crytographic schemes with strong security guarantees and proofs) and theentireOpenSSLteam (for dramatic improvements to the code quality of OpenSSL). Time for lunch and mingle. And here was the afternoon sessions. Time for the Attack I session and my favorite talk of the day where Yuval Yarom (University of Adelaide) and Daniel Genkin (UPenn/UMD) showed (with brave demo included) a Side channel attacks on implementations of Curve25519. The day ended with the Usability and privacy session where Emily Stark (Google) talked about Certificate Transparency(great stuff). The day ended with the talk about end-to-end security of group chats where a glitch in Signal/Whatsapp was presented (see Matthew Green's post).

Day II

The second day started with the Post-quantum crypto and other new hardware session where people from Microsoft (Melissa Chase and Patrick Longa) presented Microsoft's owned proposal for the Post-Quantum Cryptography NIST Standardization. After the break the Broken standards session started with a funny Shattered (aka the famous SHA-1 collision) talk delivered by Pierre Karpman. Then (and this is was probably the most awaited talk of the day) THE MAN aka Jann Horn in person presented Spectre and Meltdown. Awesome. Before lunch was the time for several 1 minute long Lightning talks.For the record there were many little rooms that people can use to study or whatever and. E.g. some of us tried to find their way toward zk-snark

The sessions resumed with the TLS session where the ever innovative Nick Sullivan pleased the audience with some pairing and identity-based broadcast encryption used in Cloudflare's Geo Key Manager. The TLS session could not end without not one but 2 talks about TLS 1.3 delivered by Thyla van der Merwe (Royal Holloway) and David Benjamin (Google). Both were pleasant and (specially the one from David) funny (for us) talks. The day at Volkshaus Zurich ended with Crypto in the clouds
session where Manish Mehta (Netflix) presented the way Netflix handle secrets (in AWS) and the Facebook folks showed how to Scale backend authentication at Facebook . But while the official RWC day ended here pretty many of us were lucky enough to be invited in the Google Zurich Office for an after conference gathering sponsored by Google Research. Someone was even luckier to taste the fateful and tasteful SHA-1 Chartreuse formerly survivor of the Shattered battle

#RealWorldCrypto was great, happy to have shared (and finished!) the SHA-1 Chartreuse with so many nice people!

Day III

The third and last day was a bit shorter but as good as the others. It started with fireworks , indeed Trevor Perrinpresented his baby The Noise protocol framework in the New crypto session. Then was the time for an innovative use of Bloom Filter. The Attacks II
session were a series of a bit shorter interesting talks and the day ended withthe Verification and provable security session that had as highlight the talk about the new formal verification in Firefox.

This was the last talk hence

see you (hopefully for me) next year for RWC 2019 in California.

I want to thank you anyone I interacted with on these 3 days. It was really fun and formative.

Labels

Comments

Thanks for sharing about Real World Crypto Conference 2018 and also for the YouTube channel. The entire blog was very refined and precisely explained. I looking for some blog sites regarding crypto conferences and came across with yours and which seems to be very knowledgeable. Another resource I would like to suggest here is jaredschlar.blogspot.com . I came accross with this website while I was researching. I must say he has come up with a lot of of wonderful blogs

tl;dr I found a severe issue in the Slack's SAML implementation that allowed me to bypass the authentication. This has now been solved by Slack.
Introduction
IMHO the rule #1 of any bug hunter (note I do not consider myself one of them since I do this really sporadically) is to have a good RSS feed list. In the course of the last years I built a pretty decent one and I try to follow other security experts trying to "steal" some useful tricks. There are many experts in different fields of the security panorama and too many to quote them here (maybe another post). But one of the leading expert (that I follow) on SAML is by far Ioannis Kakavas. Indeed he was able in the last years to find serious vulnerability in the SAML implementation of Microsoft and Github. Usually I am more an "OAuth guy" but since both, SAML and OAuth, are nothing else that grandchildren of Kerberos learning SAML has been in my todo list for long time. The Github incident gave me the final…

then after that the resource owner has authorized the client the authorization server redirects the resource owner back to the client with an authorization code:
Then the OAuth dance continues....
Facebook/Dropbox i…